The IoT Qualified as Secured (IQS) label can be used by IoT manufacturers to check the security of systems that use connected objects.

Currently, there are more than 14 billion IoT devices in circulation and more than 25 billion are expected to enter operation in 2021. With this surge in the number, connected objects have become a favourite target for cyber criminals.

However, there is a relief as Internet of Things (IoT) designers can now have the security of their IoT solutions checked by an independent third party.

digital.security, the leading European certifier for connected object security, has announced the launch of the IoT Qualified as Secured (IQS) programme – the first certification programme for Internet of Things (IoT) designers.

Using the IQS label, IoT manufacturers can check the security of their systems that use connected objects. The verified devices will feature the IQS pictogram – proof of security for future adopters or users, whether they are companies or private individuals.

“You cannot innovate successfully without managing risks. Our aim in launching the IQS label – the first certification system for the IoT – is to come to the aid of all stakeholders and provide this digital revolution with long-term support,” says Jean-Claude Tapia, CEO of digital.security.

Characteristics

The core of IQS is EvalUbik – a platform for assessing the security of connected objects. This is a fully-fledged test facility for creating the conditions under which a connected object is to be used, which can then be configured and managed.

The IQS label can be awarded to companies in all economic sectors. It is issued for IoT solutions (objects and associated services) for a period of two years, adhering to a set of public security requirements.

digital.security’s aim is to cover most security requirements in EU countries in an objective and measurable way.

Certification process

The Certification Committee, made up of digital.security’s independent cybersecurity experts, compares the anonymised assessment report with the framework selected for awarding the certification.

The IQS certificate’s security requirement reference framework has been derived from commonly accepted standards and good practices for protecting IT systems, and is supplemented by feedback from IoT audits conducted by digital.security. It covers the following:

Protection of data exchanges (PDE)

Protection of technical platforms (PTP)

Protection of data access (PDA)

Traceability (TRA)

All of the components making up a candidate IoT solution are assessed against the reference framework: the connected objects, the communications protocols, the servers that can be accessed over the Internet and the applications made available to users.